Text Exploits
31,386 exploits tracked across all sources.
WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload
by r3m1ck
Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery
by LiquidWorm
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection
by LiquidWorm
Simply Poll 1.4.1 Plugin for WordPress SQL Injection
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.
by TAD GROUP
CVSS 8.2
aWeb Cart Watching System <2.6.1 - SQL Injection
SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.
by qemm
CVSS 9.8
WampServer 3.0.6 - Privilege Escalation
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer."
by Heliand Dema
CVSS 7.5
Shutter <0.93.1 - Command Injection
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
by Prajith
CVSS 7.8
ARI Framework module/Asterisk Recording Interface (ARI) <2.9.0.9, <...
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
by inj3ctor3
OpenSSH < 7.3 - Remote Code Execution via Forwarded SSH-Agent PKCS#11 Module Loading
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
by Google Security Research
CVSS 7.3
OpenSSH <7.4 - Privilege Escalation
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
by Google Security Research
CVSS 7.0
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 - Elevation of Privilege via Wi-Fi
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
by Google Security Research
CVSS 7.8
WordPress 404 Redirection Manager Plugin 1.0 SQL Injection
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.
by Ahmed Sherif
CVSS 8.2
iPhone OS < 10.2 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
by Google Security Research
CVSS 7.8
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
by Google Security Research
CVSS 7.8
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
by Lenon Leite
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
by Lenon Leite
WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection
by ZwX
iPhone OS < 10.2 and macOS < 10.12.2 - Local Privilege Escalation via Power Management Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
by Google Security Research
CVSS 7.8
Apport < 2.20.4 - Path Traversal via Package Hook Fields
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
by Donncha OCearbhaill
CVSS 7.8